Design and Evaluation of an Image-Based Authentication System for Small Touch-Screens

We address the issue of security related to password systems on small touch-screen devices. In the past the PIN system, 4 consecutive digits of 0-9, has been used in order to secure personal mobile devices, but 10000 possible combinations of PINs provides only minimal security. In order to improve upon the PIN system, we have introduced the idea of using an image-based password system. Past research has shown that image-based password systems exhibit high memorability, the ability of a user to remember a password, than PIN or text based passwords.

The past research on image-based password systems has been performed on systems with "large-screen" displays, and our research is examining the effect the image-based passwords have on "small-screen" devices. Our system, TAPI, Touch-screen Authentication using Partitioned Images, uses 16 images each partitioned into 4 different sections, top, left, bottom, and right. A user‘s password is comprised of 4 different sections of the overall 64 sections.

We were able to test our system using 2 different lab studies. The first study was conducted with 15 Elon University students using a T-Mobile Android G1. 14 of 15 participants were able to remember their password after 1 week of non-use with a median entry speed of 7.1 seconds. The second lab study was conducted with 15 Elon University students using a Verizon Droid, which has a slightly larger screen and a higher resolution than the G1. 13 of 15 participants were able to remember their password after 1 week of non-use with a median entry speed of 4.6 seconds. Our results demonstrate that TAPI system is a viable alternative to the PIN system for small-screen touch screen devices as it offers greater security as well as high memorability at a reasonable entry speed. In our talk, we will also discuss future alterations and design considerations for TAPI.